Xlmmacrodeobfuscator

The following list summarizes the most notable features added in this version:
1. The following XLM functions are added: ROUND, SET.NAME, DIRECTORY, CONCATENATE, ACTIVE.CELL, SELECT, AND, OR, WHILE, LEN, REGISTER
2. Dumps shellcodes injected into a process. It interprets the following Windows APIs: VirtualAlloc, WriteProcessMemory, RtlCopyMemory
3. Guesses the correct day for DAY(NOW()) used for deobfuscating XLM macro.
4. Supports range addresses
5. New switches: --with-ms-excel, --password (--no-ms-excel is deprecated)
6. Bug fixes

In this version, many new features are introduced. The followings are a few notable additions:
1. Many functions such as GET.WORKSPACE, GET.CELL, FORMULA.FILL, SET.VAL, DAY, and IF are added
2. If the IF-condition cannot fully be evaluated, then both branches will be explored
3. Loop detection mechanism is added to prevent looping
4. XLM grammar is updated to consider operator precedence and also associativity

This is an initial release of XLMMacroObfuscator.

XLMMacroObfuscator supports:

Extraction of cell information from macrosheets in xls, xlsm, and xlsb files.

Emulation XLM macros (limited, not all functions are implemented)